Tuesday, February 08, 2005

Link spam and SQL injection

As the spammers possess eternal vigilance, I've been getting lots of nice poker offers masquerading as helpful restaurant reviews on my Vegan and Vegetarian Ireland guide. As these have to get manually approved before appearing on my site, the problem is just having to plough through them. So I improved the input validation to reject any input containing HTML markup, which is not needed for this particular application. At the same time, I've been trying to improve the sanitising of all the input to help guard against SQL injection attacks. Hopefully it's not tempting fate to write about it!
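An added example, not code from the original post or the site: a review-submission handler that rejects HTML markup and stores accepted reviews as unapproved. The table layout, function names and length limit are assumptions, and it uses parameterized queries for the SQL injection side, which is a swapped-in technique rather than the sanitising the post mentions.

```python
import re
import sqlite3

# A tag opener (<a ...>, </b>, <!doctype) or an HTML entity (&lt; &#60;)
# counts as markup; a bare "2 < 3" or "fish & chips" does not.
MARKUP = re.compile(r"<[/!?]?[a-zA-Z]|&(#\d+|#x[0-9a-fA-F]+|[a-zA-Z]\w*);")
MAX_LEN = 2000  # assumed limit for any single field


def open_db(path=":memory:"):
    """Open the database and create the (hypothetical) reviews table."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS reviews ("
        " id INTEGER PRIMARY KEY, restaurant TEXT NOT NULL,"
        " body TEXT NOT NULL, approved INTEGER NOT NULL DEFAULT 0)"
    )
    return conn


def validate_review(restaurant, body):
    """Return a rejection reason, or None when the input is acceptable."""
    for name, value in (("restaurant", restaurant), ("body", body)):
        if not value.strip():
            return f"{name} is empty"
        if len(value) > MAX_LEN:
            return f"{name} is too long"
        if MARKUP.search(value):
            return f"{name} contains HTML markup"
    return None


def submit_review(conn, restaurant, body):
    """Store an acceptable review as unapproved; return (ok, detail)."""
    reason = validate_review(restaurant, body)
    if reason:
        return False, reason
    # Placeholders keep the values out of the SQL text, so quotes and
    # semicolons in a review are stored as data, never parsed as SQL.
    cur = conn.execute(
        "INSERT INTO reviews (restaurant, body) VALUES (?, ?)",
        (restaurant.strip(), body.strip()),
    )
    conn.commit()
    return True, cur.lastrowid


def pending(conn):
    """Reviews still waiting for manual approval, oldest first."""
    return conn.execute(
        "SELECT restaurant, body FROM reviews WHERE approved = 0 ORDER BY id"
    ).fetchall()
```

Rejecting markup at the door only shrinks the moderation queue; output encoding when an approved review is rendered is still needed.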

In fact, the surprising thing is that it took the spammers a couple of months to start trying to exploit my site. Since I made the changes, not a beep out of them. So far, so good. There's a fascinating interview with a link spammer over at The Register - "nothing personal". While they're getting rich from it, they're going to keep at it.

In fact, a small percentage of visitors to my site(s) come via spam link farms which link to me. These seem to scrape the web at most every few days, probably via scraping snippets off Google and other search engines. But obviously some people follow these and click on the links, so some of them are undoubtedly clicking on the ads there too, making the spammers rich. When they show up high in the search engine results, they attract visitors.